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S i vis pacem, para bell urn 

If you wish for peace, 
prepare for war 
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The mission of the United States Air Force is 
to fly, fight and win... 

in air, space and Cyberspace. 



http://www.af.mil/main/welcome.asp April 2012 



(c) W Caelli - IISEC Pty Ltd 




OH his plane. "We are all going tO nuvc iu wurK very nuru nui umy iu 

defend against cyber attacks but to be aggressive with regards to 
cyber attacks as well The best way to accomplish that is not only on 
our own, but working with our partners. " 



Read more: http://www.sfgate.com/cgi-bin/article.cgi?f=/g/a/2011/09/14/bloombergl376- 
LRJE970YHQ0X01-0MUBUS4IR8TGlN6J027E4V9GAK.DTL#ixzzlY5Hlr4LL 



Cyber War Added to Threats Under U.S., Australia Defense Treaty, Wednesday, 
September 14,2011 
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^ The Hon Kevin Kudd MP 

'*■ I-'umiht Mini^tier for Fum^n AJtnir* 

Cooperation on Cyber - a new dimension of the US 
Alliance 

Joint media release : The Hon Kevin Rudd MP, Minister for 
Foreign Affairs & The Hon Stephen Smith MP, Minister for 
Defence, 15 September 2011 
The US and Australian Governments agreed today that a 

cyber attack on either of them would trigger the 

mechanisms oftheANZUS Treaty. 

26th Australia-United States Ministerial Consultations 



(AUSMIN) September 15, 2011 
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General Keith Alexander 
Director, National Security 
Agency 

Chief, Central Security 
Service 

Commander, United States Cyber Command 
(USCYBERCOM). 



■ . . . congressional hearing . . . rampant cyber-theft 
involved u the greatest transfer of wealth in history" 

AFR5Apr2012 
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CHINA 



July 2010 



PLA's General Staff Department (GSD) announces 
"Information Security Base" 

Ordered by President Hu Jintao 
" ....our army is strengthening its capacity and is 
developing potential military officers to tackle 
information -based warfare.." 

Source: 

William T Hagestad II, "21 st Century Chinese Cyberwarfare" , UK 2012 



T UJ ■ ■ ■ 
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21 July 2000 




In the Information World, What are the 
Responsibilities of Government, Law 
Enforcement and the Citizen ?" 



W. J. Caelli 



2nd Commonwealth Investigators' Conference 

" Partnerships and Technology in the Fight Against Crime 

Bardon Professional Centre, Brisbane. Qld. 21 July 2000 
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" . . . in order that His Majesty 's 
Subjects may do their utmost . . . 
to., capture .. the Ships and 
Vessels belonging to citizens of 
the 


m 


and to destroy their 


J& 


commerce. . . " 
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Circular despatch 

from 

Earl Bathurst to 

Governor Macquarie, 

New South Wales, 

13 October 1812. 



Acknowledged by 
Governor Macquarie, 
28th June 1813. „ 




Gdansk 
(Danzig) 



(c) WCaelli- MSEC Pty Ltd 



Cyber Deterrence, Cyber Response and 
Defence of the Digital Nation/ Economy 
AusCERT-2012 



16 May 2012 





German SS troops enter Danzig, Poland - late 1939. 



:) W Caelli - IISEC Pi 



(c) WCaelli- MSEC Pty Ltd 



8 



Cyber Deterrence, Cyber Response and 
Defence of the Digital Nation/ Economy 
AusCERT-2012 



16 May 2012 



LONG TRADITION - ELECTRONIC WARFARE 



By the end of 1944, 462 Squadron had joined 100 (Bomber Support) 
Group, and following the fitment of specialised radio equipment, 
began operations to disrupt the highly organised German air defence 
system. The Halifax's were modified to carry special radar jamming 
equipment designed to interfere with both the night fighter and 
ground based radar. 

RAAF 
462 Squadron 



http://www.airforce.gov.au/raafmuseum/research/units/462sqn.htm 
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President's 
Commission on 
Critical 
Infrastructure 
Protection 







obert T Marsh, Chairman 



Formed July 1996 
Final Report 20 October, 1997 
Whitehouse Statement 
22 October 1997 
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Richard A Clarke - USA 



National Coordinator for Security, Infrastructure 



Protection and Counter-terrorism 



".. the conclusion by the Administration is that 
the nation IS at risk because over the last 
decade we have made the nation, the economy 
and national defense dependent upon computer 
networks. We have designed, ad hoc, a 
national information infrastructure without any 
thought of including security. " (Clarke, May 1999) 
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Michael J Jacobs 

Deputy Director, ISSO - NSA (USA) 



'In the cyber era, our traditional lines of 
defense no longer provide a wall between 
citizens and those who would do harm. " 



3rd National Colloquium on INFOSEC Education 
New York, USA. 25-27 May 1999 
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a number of foreign nations have 

developed information-warfare doctrine, 
programs, and capabilities for use against the 
US. and other nations 

i . . ._ . ■ 2005 




(c) W Caelli - IISEC Pty Ltd 




(c) WCaelli- MSEC Pty Ltd 



11 



Cyber Deterrence, Cyber Response and 
Defence of the Digital Nation/ Economy 
AusCERT-2012 



16 May 2012 





(c) WCaelli- MSEC Pty Ltd 



12 



Cyber Deterrence, Cyber Response and 
Defence of the Digital Nation/ Economy 
AusCERT-2012 



16 May 2012 



EAST INDIA COMPANY 



....the capture of India was not accomplished by 
the British Army, but by the private armies of the 
East India Company, which grew in size to 
become larger than that of any European 
sovereign state 
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Even in romantic fiction 



V - 



The guilds are, however, 
peculiar blends of 

business corporations 

and emerging 

militia 
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DETERRENCE 

MUTUALLY ASSURE 
DESTRUCTION 

TO 

DISRUPTION ?? 




RUSSIA 
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IA / IO AWARENESS. TRAINING. EDUCATION 



Defence / Intelligence 
Law Enforcement 
^ Government 
NCI Operators 
Corporates 
SME - Citizens 



IA Information Assurance CNI Critical National Infrastructure 

IO Information Operations SME Small/medium enterprises 

(c) W Caelli - IISEC Pty Ltd 3 
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IA / IO AWARENESS. TRAINING. EDUCATION 



R&D 
'* System Design 
* Developers 
* Integrators 

Managers 



IA Information Assurance 
IO Information Operations 



R&D Research and 



Development 
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ISPs = YOUR NEW NEIGHBOURHOOD 
INTERNET MILITIA ? 



enforce industry determined "code" (iCode / IIA) 

• not part of any legal structure ? 

• not subject to traditional legal processes (magistrate) 
apply determined penalty (new "sheriff/ bailiff") 

• override any pre-existing contract ? 

• enter premises to assist in compliance "obligations" 
no responsibility on system supplier 
no responsibility on service provider 

(now new "sheriff") 



*«ni"'»" **ppipr* 
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Posse comitatus 



Posse comitatus or sheriff's posse 

• common-law or statute law authority of a 

• county sheriff / law officer to conscript 

• any able-bodied males to assist in 

• keeping the peace or to pursue and arrest a felon 



Exists in US States that have not repealed this function 
» Note : 

• USA "Posse Comitatus Act - 1878" (Boston massacre - 1770) 

• no use of army / air force (1956) 

• Navy / Marines (no - but only by self regulation) 

• Coast Guard / National Guard OK 

• no Australian equivalent (differing history) 

16 May 2012 (c) W Caelli - IISEC Pty Ltd 



Wikipedia 



us ACT 




The hunt for the Governor gang of bushrangers. 

A pOSSe of mounted police, aboriginal trackers and district 

Volunteers. Jimmy & Joe Governor were sighted at Stewarts Brook 
on 12 September 1900. 
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MILITIA USA 



The early colonists of America considered 
the militia an important social structure, 
necessary to provide defense and public 

?ty. (Wikipedia) 

1 a. */r_ om o ( c ) W Caelli _ j ISEC p ty Ltd 



MILITIA AUSTRALIA 



Citizen 's Military Forces (CMF) - 



1901/1980 {i&s 




olonim Militia - pre J 
1855 - 1890 : Colonial govefr 
1870 - British military control ceases 
Governor - raise military I naval forces 
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Lieut. Richard Dowse 
Queensland Volunteer Rifles 
Date: 1889 




The Royal Queensland Regiment 
(9RQR) (1911) 
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DIMENSIONS & DISTINCTIONS 



Vulnerability 
Threat 
Attack 
Penetration 
Compromise 
Damage 
Audit 
Forensics 




Categories: 



A) individual, normal, commercial business 

systems 

B) national critical infrastructure (NCI) 

C) defence / intelligence / law enforcement / 

government systems 
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VICTIMS 



1 little policy / legal recourse 

• best practice guides / non-binding 

• Reidenberg: 

• Civilian self-help / Strike-back 

• Supplement law-enforcement 

• Local "cyber militia " 

• vigilantism ? 

• no warrant or protection at law 
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VICTIM B) RESPONSE - NCI 



International law 

• No adequate clarification of response 

• Even nation to nation 



•Response illegal ? 

• Criminal code 

• Even to "clarify" attack 

• Automated counter-attack ? 

• Shut-down or partially disable attack system 




QD 
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VICTIM A) RESPONSE - BUSINESS 



Law enforcement 



Local "help" - defensive? 



Counter operations - illegal ? 
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CYBER DEFENCE 



Who is defending ? 
What technology is used / managed ? 
Policy settings ? 
Legal situation ? 
(Note: Even placement of passive monitors !) 
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CYBER DEFENCE 



military / intelligence entities 
law enforcement 

public / private / mixed enterprises 
NCI owner / operators 

• telecoms / common carrier 

(Telecommunications Act, Interception Act) 

• ISP (Note: NBN Australia) 
private sector - contractor 
SME - home user 
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CYBER DEFENCE 



• Commonwealth Criminal Code Act 1995 

• disrupt / destroy / interfere electronic systems 

• terrorism provisions 
•Section 100.1 



Greg Farr (DoD Australia) 

...he admitted that no one in the industry can have all ofinc o/vt^ m 
they need. "We're no longer in the business of employing all the IT 
specialists the business needs, " he said. This makes partnering with 
industry necessary. ( ZDNet.com.au 21 March 2012) 



(c)W Caelli -IISEC Pty Ltd 



23 



Cyber Deterrence, Cyber Response and 
Defence of the Digital Nation/ Economy 
AusCERT-2012 



16 May 2012 



"Australian Cyber-warfare Centre 77 

Des Ball - 2008 (Strategic and Defence Studies Centre, ANU) 



Its activities would be both defensive and offensive 

... research into possible vulnerabilities often suggests ways of exploiting these for 

offensive purposes. 
.finding ways of penetrating the firewalls' protecting avionics systems and of 

using wireless application protocols (WAPs) to insert 'Trojan horses'. 
Scenarios would be continually researched and techniques practised to ensure 

the currency of the plans in contingent circumstances. 
A Cyber-warfare Centre would be responsible for identifying the preparations 

• ... necessary for expeditious implementation of the plans, including the 

preparations for offensive operations. 
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CYBER SECURITY AND THE "POSSE" | 

Research Questions: <-~ .c-^i 



Could AusCERT and even CERTAustralia be 
"posses" at law? 

• Invocation (law enforcement officer ?) 

• Sworn officers? (deputies) 
Are private CERTs forms of "posse" or "vigilante" groups? 

• CERT as a commercial service ? | 
What are legal implications for the entity and its members? 
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CHALLENGES: 



Does a form of "posse " have a place in the cyber-defence world ? 

• Can traditional defence and law enforcement maintain the necessary 
staff and skills to cope with the cyber threat? (See US CAE program) 

• Are "cyber challenges" really defence/law enforcement exercises? 

• Are there new models? 

• What are the legal, policy and political issues with concepts like a 

"cyber militia"! 

• What can we learn from the concepts of "militia " ? 

• In Australia ? 

• In the USA? 
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Thanks to Ms J Georgiades, QUT 



CISSE 



The Colloquium for 
Information Systems 
Security Education 



REMINDER 



© 



REGISTRATION IS OPEN 



THEf OLLOQUIUM2012 



LAKE BUENA VISTA, FL 



Monday June 11 -Wednesday June 13, 2012 



http://www.cisse.info 
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